CVE-2013-4408:s3:Ensure we always check call_id when validating an RPC reply.
[Samba.git] / source4 / client / cifsddio.c
blob0ceb69e3b15ed7a232b0f998aeec65e041e1673d
1 /*
2 CIFSDD - dd for SMB.
3 IO routines, generic and specific.
5 Copyright (C) James Peach 2005-2006
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "includes.h"
22 #include "system/filesys.h"
23 #include "libcli/libcli.h"
24 #include "lib/cmdline/popt_common.h"
26 #include "cifsdd.h"
28 /* ------------------------------------------------------------------------- */
29 /* UNIX file descriptor IO. */
30 /* ------------------------------------------------------------------------- */
32 struct fd_handle
34 struct dd_iohandle h;
35 int fd;
38 #define IO_HANDLE_TO_FD(h) (((struct fd_handle *)(h))->fd)
40 static bool fd_seek_func(void * handle, uint64_t offset)
42 ssize_t ret;
44 ret = lseek(IO_HANDLE_TO_FD(handle), offset, SEEK_SET);
45 if (ret < 0) {
46 fprintf(stderr, "%s: seek failed: %s\n",
47 PROGNAME, strerror(errno));
48 return(false);
51 return(true);
54 static bool fd_read_func(void * handle,
55 uint8_t * buf,
56 uint64_t wanted,
57 uint64_t * actual)
59 ssize_t ret;
61 ret = read(IO_HANDLE_TO_FD(handle), buf, wanted);
62 if (ret < 0) {
63 fprintf(stderr, "%s: %llu byte read failed: %s\n",
64 PROGNAME, (unsigned long long)wanted,
65 strerror(errno));
66 return(false);
69 *actual = (uint64_t)ret;
70 return(true);
73 static bool fd_write_func(void * handle,
74 uint8_t * buf,
75 uint64_t wanted,
76 uint64_t * actual)
78 ssize_t ret;
80 ret = write(IO_HANDLE_TO_FD(handle), buf, wanted);
81 if (ret < 0) {
82 fprintf(stderr, "%s: %llu byte write failed: %s\n",
83 PROGNAME, (unsigned long long)wanted,
84 strerror(errno));
85 return(false);
88 *actual = (uint64_t)ret;
89 return(true);
92 static struct dd_iohandle * open_fd_handle(const char * path,
93 uint64_t io_size,
94 int options)
96 struct fd_handle * fdh;
97 int oflags = 0;
99 DEBUG(4, ("opening fd stream for %s\n", path));
100 if ((fdh = talloc_zero(NULL, struct fd_handle)) == NULL) {
101 return(NULL);
104 fdh->h.io_read = fd_read_func;
105 fdh->h.io_write = fd_write_func;
106 fdh->h.io_seek = fd_seek_func;
108 if (options & DD_DIRECT_IO) {
109 #ifdef HAVE_OPEN_O_DIRECT
110 oflags |= O_DIRECT;
111 #else
112 DEBUG(1, ("no support for direct IO on this platform\n"));
113 #endif
116 if (options & DD_SYNC_IO)
117 oflags |= O_SYNC;
119 oflags |= (options & DD_WRITE) ? (O_WRONLY | O_CREAT) : (O_RDONLY);
121 fdh->fd = open(path, oflags, 0644);
122 if (fdh->fd < 0) {
123 fprintf(stderr, "%s: %s: %s\n",
124 PROGNAME, path, strerror(errno));
125 talloc_free(fdh);
126 return(NULL);
129 if (options & DD_OPLOCK) {
130 DEBUG(2, ("FIXME: take local oplock on %s\n", path));
133 SMB_ASSERT((void *)fdh == (void *)&fdh->h);
134 return(&fdh->h);
137 /* ------------------------------------------------------------------------- */
138 /* CIFS client IO. */
139 /* ------------------------------------------------------------------------- */
141 struct cifs_handle
143 struct dd_iohandle h;
144 struct smbcli_state * cli;
145 int fnum;
146 uint64_t offset;
149 #define IO_HANDLE_TO_SMB(h) ((struct cifs_handle *)(h))
151 static bool smb_seek_func(void * handle, uint64_t offset)
153 IO_HANDLE_TO_SMB(handle)->offset = offset;
154 return(true);
157 static bool smb_read_func(void * handle, uint8_t * buf, uint64_t wanted,
158 uint64_t * actual)
160 NTSTATUS ret;
161 union smb_read r;
162 struct cifs_handle * smbh;
164 ZERO_STRUCT(r);
165 smbh = IO_HANDLE_TO_SMB(handle);
167 r.generic.level = RAW_READ_READX;
168 r.readx.in.file.fnum = smbh->fnum;
169 r.readx.in.offset = smbh->offset;
170 r.readx.in.mincnt = wanted;
171 r.readx.in.maxcnt = wanted;
172 r.readx.out.data = buf;
174 /* FIXME: Should I really set readx.in.remaining? That just seems
175 * redundant.
177 ret = smb_raw_read(smbh->cli->tree, &r);
178 if (!NT_STATUS_IS_OK(ret)) {
179 fprintf(stderr, "%s: %llu byte read failed: %s\n",
180 PROGNAME, (unsigned long long)wanted,
181 nt_errstr(ret));
182 return(false);
185 /* Trap integer wrap. */
186 SMB_ASSERT((smbh->offset + r.readx.out.nread) >= smbh->offset);
188 *actual = r.readx.out.nread;
189 smbh->offset += r.readx.out.nread;
190 return(true);
193 static bool smb_write_func(void * handle, uint8_t * buf, uint64_t wanted,
194 uint64_t * actual)
196 NTSTATUS ret;
197 union smb_write w;
198 struct cifs_handle * smbh;
200 ZERO_STRUCT(w);
201 smbh = IO_HANDLE_TO_SMB(handle);
203 w.generic.level = RAW_WRITE_WRITEX;
204 w.writex.in.file.fnum = smbh->fnum;
205 w.writex.in.offset = smbh->offset;
206 w.writex.in.count = wanted;
207 w.writex.in.data = buf;
209 ret = smb_raw_write(smbh->cli->tree, &w);
210 if (!NT_STATUS_IS_OK(ret)) {
211 fprintf(stderr, "%s: %llu byte write failed: %s\n",
212 PROGNAME, (unsigned long long)wanted,
213 nt_errstr(ret));
214 return(false);
217 *actual = w.writex.out.nwritten;
218 smbh->offset += w.writex.out.nwritten;
219 return(true);
222 static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ctx,
223 struct tevent_context *ev,
224 const char * host,
225 const char **ports,
226 const char * share,
227 const char *socket_options,
228 struct smbcli_options *options,
229 struct smbcli_session_options *session_options,
230 struct gensec_settings *gensec_settings)
232 NTSTATUS ret;
233 struct smbcli_state * cli = NULL;
235 /* When we support SMB URLs, we can get different user credentials for
236 * each connection, but for now, we just use the same one for both.
238 ret = smbcli_full_connection(NULL, &cli, host, ports, share,
239 NULL /* devtype */,
240 socket_options,
241 cmdline_credentials, resolve_ctx,
242 ev, options,
243 session_options,
244 gensec_settings);
246 if (!NT_STATUS_IS_OK(ret)) {
247 fprintf(stderr, "%s: connecting to //%s/%s: %s\n",
248 PROGNAME, host, share, nt_errstr(ret));
249 return(NULL);
252 return(cli);
255 static int open_smb_file(struct smbcli_state * cli,
256 const char * path,
257 int options)
259 NTSTATUS ret;
260 union smb_open o;
262 ZERO_STRUCT(o);
264 o.ntcreatex.level = RAW_OPEN_NTCREATEX;
265 o.ntcreatex.in.fname = path;
267 /* TODO: It's not clear whether to use these flags or to use the
268 * similarly named NTCREATEX flags in the create_options field.
270 if (options & DD_DIRECT_IO)
271 o.ntcreatex.in.flags |= FILE_FLAG_NO_BUFFERING;
273 if (options & DD_SYNC_IO)
274 o.ntcreatex.in.flags |= FILE_FLAG_WRITE_THROUGH;
276 o.ntcreatex.in.access_mask |=
277 (options & DD_WRITE) ? SEC_FILE_WRITE_DATA
278 : SEC_FILE_READ_DATA;
280 /* Try to create the file only if we will be writing to it. */
281 o.ntcreatex.in.open_disposition =
282 (options & DD_WRITE) ? NTCREATEX_DISP_OPEN_IF
283 : NTCREATEX_DISP_OPEN;
285 o.ntcreatex.in.share_access =
286 NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE;
288 if (options & DD_OPLOCK) {
289 o.ntcreatex.in.flags |= NTCREATEX_FLAGS_REQUEST_OPLOCK;
292 ret = smb_raw_open(cli->tree, NULL, &o);
293 if (!NT_STATUS_IS_OK(ret)) {
294 fprintf(stderr, "%s: opening %s: %s\n",
295 PROGNAME, path, nt_errstr(ret));
296 return(-1);
299 return(o.ntcreatex.out.file.fnum);
302 static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx,
303 struct tevent_context *ev,
304 const char * host,
305 const char **ports,
306 const char * share,
307 const char * path,
308 uint64_t io_size,
309 int options,
310 const char *socket_options,
311 struct smbcli_options *smb_options,
312 struct smbcli_session_options *smb_session_options,
313 struct gensec_settings *gensec_settings)
315 struct cifs_handle * smbh;
317 if (path == NULL || *path == '\0') {
318 fprintf(stderr, "%s: missing path name within share //%s/%s\n",
319 PROGNAME, host, share);
322 DEBUG(4, ("opening SMB stream to //%s/%s for %s\n",
323 host, share, path));
325 if ((smbh = talloc_zero(NULL, struct cifs_handle)) == NULL) {
326 return(NULL);
329 smbh->h.io_read = smb_read_func;
330 smbh->h.io_write = smb_write_func;
331 smbh->h.io_seek = smb_seek_func;
333 if ((smbh->cli = init_smb_session(resolve_ctx, ev, host, ports, share,
334 socket_options,
335 smb_options, smb_session_options,
336 gensec_settings)) == NULL) {
337 return(NULL);
340 DEBUG(4, ("connected to //%s/%s with xmit size of %u bytes\n",
341 host, share, smbh->cli->transport->negotiate.max_xmit));
343 smbh->fnum = open_smb_file(smbh->cli, path, options);
344 return(&smbh->h);
347 /* ------------------------------------------------------------------------- */
348 /* Abstract IO interface. */
349 /* ------------------------------------------------------------------------- */
351 struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx,
352 struct tevent_context *ev,
353 const char * path,
354 const char **ports,
355 uint64_t io_size,
356 int options,
357 const char *socket_options,
358 struct smbcli_options *smb_options,
359 struct smbcli_session_options *smb_session_options,
360 struct gensec_settings *gensec_settings)
362 if (file_exist(path)) {
363 return(open_fd_handle(path, io_size, options));
364 } else {
365 char * host;
366 char * share;
368 if (smbcli_parse_unc(path, NULL, &host, &share)) {
369 const char * remain;
370 remain = strstr(path, share) + strlen(share);
372 /* Skip over leading directory separators. */
373 while (*remain == '/' || *remain == '\\') { remain++; }
375 return(open_cifs_handle(resolve_ctx, ev, host, ports,
376 share, remain,
377 io_size, options,
378 socket_options, smb_options,
379 smb_session_options,
380 gensec_settings));
383 return(open_fd_handle(path, io_size, options));
387 /* Fill the buffer till it has at least need_size bytes. Use read operations of
388 * block_size bytes. Return the number of bytes read and fill buf_size with
389 * the new buffer size.
391 * NOTE: The IO buffer is guaranteed to be big enough to fit
392 * need_size + block_size bytes into it.
394 bool dd_fill_block(struct dd_iohandle * h,
395 uint8_t * buf,
396 uint64_t * buf_size,
397 uint64_t need_size,
398 uint64_t block_size)
400 uint64_t read_size;
402 SMB_ASSERT(block_size > 0);
403 SMB_ASSERT(need_size > 0);
405 while (*buf_size < need_size) {
407 if (!h->io_read(h, buf + (*buf_size), block_size, &read_size)) {
408 return(false);
411 if (read_size == 0) {
412 h->io_flags |= DD_END_OF_FILE;
413 break;
416 DEBUG(6, ("added %llu bytes to IO buffer (need %llu bytes)\n",
417 (unsigned long long)read_size,
418 (unsigned long long)need_size));
420 *buf_size += read_size;
421 dd_stats.in.bytes += read_size;
423 if (read_size == block_size) {
424 dd_stats.in.fblocks++;
425 } else {
426 DEBUG(3, ("partial read of %llu bytes (expected %llu)\n",
427 (unsigned long long)read_size,
428 (unsigned long long)block_size));
429 dd_stats.in.pblocks++;
433 return(true);
436 /* Flush a buffer that contains buf_size bytes. Use writes of block_size to do it,
437 * and shift any remaining bytes back to the head of the buffer when there are
438 * no more block_size sized IOs left.
440 bool dd_flush_block(struct dd_iohandle * h,
441 uint8_t * buf,
442 uint64_t * buf_size,
443 uint64_t block_size)
445 uint64_t write_size;
446 uint64_t total_size = 0;
448 SMB_ASSERT(block_size > 0);
450 /* We have explicitly been asked to write a partial block. */
451 if ((*buf_size) < block_size) {
453 if (!h->io_write(h, buf, *buf_size, &write_size)) {
454 return(false);
457 if (write_size == 0) {
458 fprintf(stderr, "%s: unexpectedly wrote 0 bytes\n",
459 PROGNAME);
460 return(false);
463 total_size += write_size;
464 dd_stats.out.bytes += write_size;
465 dd_stats.out.pblocks++;
468 /* Write as many full blocks as there are in the buffer. */
469 while (((*buf_size) - total_size) >= block_size) {
471 if (!h->io_write(h, buf + total_size, block_size, &write_size)) {
472 return(false);
475 if (write_size == 0) {
476 fprintf(stderr, "%s: unexpectedly wrote 0 bytes\n",
477 PROGNAME);
478 return(false);
481 if (write_size == block_size) {
482 dd_stats.out.fblocks++;
483 } else {
484 dd_stats.out.pblocks++;
487 total_size += write_size;
488 dd_stats.out.bytes += write_size;
490 DEBUG(6, ("flushed %llu bytes from IO buffer of %llu bytes (%llu remain)\n",
491 (unsigned long long)block_size,
492 (unsigned long long)block_size,
493 (unsigned long long)(block_size - total_size)));
496 SMB_ASSERT(total_size > 0);
498 /* We have flushed as much of the IO buffer as we can while
499 * still doing block_size'd operations. Shift any remaining data
500 * to the front of the IO buffer.
502 if ((*buf_size) > total_size) {
503 uint64_t remain = (*buf_size) - total_size;
505 DEBUG(3, ("shifting %llu remainder bytes to IO buffer head\n",
506 (unsigned long long)remain));
508 memmove(buf, buf + total_size, remain);
509 (*buf_size) = remain;
510 } else if ((*buf_size) == total_size) {
511 (*buf_size) = 0;
512 } else {
513 /* Else buffer contains buf_size bytes that we will append
514 * to next time round.
516 DEBUG(3, ("%llu unflushed bytes left in IO buffer\n",
517 (unsigned long long)(*buf_size)));
520 return(true);
523 /* vim: set sw=8 sts=8 ts=8 tw=79 : */